Analysis Date: 2018-04-27 13:55:05
MD5: 489d0143fc7b55dc37db296bb7c5e9e4
SHA1: 901085af0c324dc38c3b2de7e329690e36d98bd2

Static Details:

File type: HTML document, ASCII text, with very long lines
PEhash

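Runtime Details:

(In the entries below, the label "Creates File" is printed directly against the path. The entries include device objects such as \Device\Afd\Endpoint, directories and existing system DLLs, so they appear to record file-handle opens rather than only newly written files. Read a listed path as "touched" by the process, not as a dropped artifact, unless other evidence shows a write.)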

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Program Files\Internet Explorer\iexplore.exe

Creates FileC:\Windows\Globalization\Sorting\sortdefault.nls
Creates FileC:\Windows\System32\oleaccrc.dll
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Roaming
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
Creates File\??\Nsi
Creates FileC:\Program Files\Java\jre6\bin\jp2ssv.dll
Creates FileC:\Program Files\Java\jre6\bin\jp2ssv.dll
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Roaming
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\Low
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\Low\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\Low\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\Low
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\Favorites\
Creates FileC:\Users\Phil\Favorites\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\Low
Creates FileC:\Users\Phil\AppData\Local\Temp\Low\
Creates FileC:\Users\Phil\AppData\Local\Temp\Low\
Creates FileC:\Users\Phil\AppData\Local\Temp\
Creates FileC:\Users\Phil\AppData\Local\Temp\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Local\Temp\Low
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates File\Device\Afd\Endpoint
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3BE2AF2C-49D4-11E8-B65F-525400489A3F}.dat
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates File\Device\Afd\Endpoint
Creates File\??\MountPointManager
Creates FileC:\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
Creates FileC:\Users\desktop.ini
Creates File\DEVICE\NETBT_TCPIP_{7035D925-FEB8-4F15-A864-01A2CAB79F18}
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates File\DEVICE\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}
Creates File\DEVICE\NETBT_TCPIP_{A0D04DC6-852C-4BAF-AC46-66898A1F54B8}
Creates FileC:\Users\Phil\AppData
Creates FileC:\Users\Phil\AppData\Local
Creates File\DEVICE\NETBT_TCPIP_{7035D925-FEB8-4F15-A864-01A2CAB79F18}
Creates FileC:\Users\Phil\AppData\Local\Temp
Creates File\DEVICE\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}
Creates File\DEVICE\NETBT_TCPIP_{A0D04DC6-852C-4BAF-AC46-66898A1F54B8}
Creates FileC:\Users\Phil\AppData\Local\Temp\~DF882DABD4F8240BF4.TMP
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates FileC:\Windows\System32\url.dll
Creates FileC:\Windows\Fonts\staticcache.dat
Creates File\Device\RasAcd
Creates FileC:\Windows\System32\en-US\urlmon.dll.mui
Creates File\Device\NetBT_Tcpip_{7035D925-FEB8-4F15-A864-01A2CAB79F18}
Creates File\Device\NetBT_Tcpip6_{A0D04DC6-852C-4BAF-AC46-66898A1F54B8}
Creates File\Device\NetBT_Tcpip6_{7035D925-FEB8-4F15-A864-01A2CAB79F18}
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates FileC:\
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites\desktop.ini
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\Favorites\Links\desktop.ini
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates File\Device\Afd\Endpoint
Creates FileC:\Users\Phil\Favorites\Links\desktop.ini
Creates FileC:\Users\Phil\Favorites\Links
Creates FileC:\
Creates FileC:\Users\desktop.ini
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites\desktop.ini
Creates FileC:\Users\Phil\Desktop\desktop.ini
Creates FileC:\
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\Favorites\Links\desktop.ini
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Internet Explorer\frameiconcache.dat
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{453ECA7C-49D4-11E8-B65F-525400489A3F}.dat
Creates FileC:\Users\Phil\AppData\Local\Temp\~DF24473E04B496B2B7.TMP
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\Favorites\Links
Creates FileC:\Users\Phil\Favorites\Links
Creates FileC:\Users\Phil\Favorites\Links
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\Favorites\Links
Creates FileC:\Users\Phil\Favorites\Links\Suggested Sites.url
Creates FileC:\Users\Phil\Favorites\Links\Web Slice Gallery.url
Creates FileC:\Users\Phil\Favorites\Links
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds Cache\index.dat
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms
Creates FileC:\Users\Phil\AppData\Local\Temp\~DFFEF4831FBEB52917.TMP
Creates FileC:\Users\Phil\AppData\Local\Temp\~DFA6F20B75CFBCC6A7.TMP
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
Creates FileC:\Users\Phil\AppData\Local\Temp\~DF549C62C97CDBBEE4.TMP
Creates FileC:\Users\Phil\AppData\Local\Temp\~DFF79A3420BEB08F50.TMP
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
Creates FileC:\Users\Phil\Favorites\Links
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
Creates FileC:\Users\Phil\AppData\Local\Temp\~DF03EF1B1C02ED1C6D.TMP
Creates FileC:\Users\Phil\AppData\Local\Temp\~DF7296682675C7AF0A.TMP
Creates FileC:\Windows\System32\ieframe.dll
Creates FileC:\Windows\System32\stdole2.tlb

Process
↳ C:\Program Files\Internet Explorer\iexplore.exe

Creates FileC:\Windows\Globalization\Sorting\sortdefault.nls
Creates FileC:\Windows\System32\oleaccrc.dll
Creates File\??\MountPointManager
Creates FileC:\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches
Creates FileC:\Windows\System32\rsaenh.dll
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
Creates FileC:\Users\desktop.ini
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites\desktop.ini
Creates FileC:\Users\Phil\Desktop\desktop.ini
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Roaming
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
Creates FileC:\Windows\Fonts\staticcache.dat
Creates FileC:\Windows\AppPatch\AppPatch64\sysmain.sdb
Creates FileC:\Program Files\Java\jre6\bin\jp2ssv.dll
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds Cache\index.dat
Creates FileC:\Windows\System32\en-US\urlmon.dll.mui
Creates FileC:\Users\Phil\AppData\Local\Temp\901085af0c324dc38c3b2de7e329690e36d98bd2.html
Creates FileC:\Users\Phil\AppData\Local\Temp\901085af0c324dc38c3b2de7e329690e36d98bd2.html
Creates FileC:\Users\Phil\AppData\Local\Temp\901085af0c324dc38c3b2de7e329690e36d98bd2.html
Creates FileC:\Windows\Media\Windows Information Bar.wav
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates FileC:\Windows\System32\en-US\wdmaud.drv.mui
Creates FileC:\Windows\System32\en-US\MMDevAPI.DLL.mui
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates File\Device\Afd\Endpoint
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\9A227620A01E38BA2D579C13EF7055715160E919
Creates File\??\Nsi
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates FileC:\
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Temp
Creates File\Device\RasAcd
Creates File\Device\RasAcd
Creates FileC:\Users\Phil\AppData\Local\Temp\901085af0c324dc38c3b2de7e329690e36d98bd2.html
Creates FileC:\Users\Phil\AppData\Local\Temp\901085af0c324dc38c3b2de7e329690e36d98bd2.html
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates File\Device\RasAcd
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\AsyncConnectHlp
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZV6J2I17\jquery.min[1].htm
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZV6J2I17\jquery.min[1].htm
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\STN7NUQY\amm[1].htm
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\STN7NUQY\amm[1].htm
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates FileC:\Users\Phil\AppData\Local\Temp\901085af0c324dc38c3b2de7e329690e36d98bd2.html
Creates FileC:\Users\Phil\AppData\Local\Temp\901085af0c324dc38c3b2de7e329690e36d98bd2.html
Creates File\Device\Afd\Endpoint
Creates FileC:\
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Temp
Creates FileC:\Users\Phil\AppData\Local\Temp\901085af0c324dc38c3b2de7e329690e36d98bd2.html
Creates FileC:\Users\Phil\AppData\Local\Temp\901085af0c324dc38c3b2de7e329690e36d98bd2.html

Network Details:


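Raw Pcap

(In the fourth and fifth dumps below, the bytes after the request's terminating CRLF CRLF repeat the tail of an earlier, longer request at the same offsets. They look like leftover buffer contents, not headers sent with that request. In particular, the last /ncsi.txt request ends at offset 0x60, and the MSIE User-Agent and "Host: scripts.chitika.net" text after it should not be attributed to it.)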
0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   47455420 2f616a61 782f6c69 62732f6a   GET /ajax/libs/j
0x00000010 (00016)   71756572 792f312e 362e322f 6a717565   query/1.6.2/jque
0x00000020 (00032)   72792e6d 696e2e6a 73204854 54502f31   ry.min.js HTTP/1
0x00000030 (00048)   2e310d0a 41636365 70743a20 2a2f2a0d   .1..Accept: */*.
0x00000040 (00064)   0a416363 6570742d 4c616e67 75616765   .Accept-Language
0x00000050 (00080)   3a20656e 2d55530d 0a557365 722d4167   : en-US..User-Ag
0x00000060 (00096)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000070 (00112)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000080 (00128)   49452038 2e303b20 57696e64 6f777320   IE 8.0; Windows 
0x00000090 (00144)   4e542036 2e313b20 57696e36 343b2078   NT 6.1; Win64; x
0x000000a0 (00160)   36343b20 54726964 656e742f 342e303b   64; Trident/4.0;
0x000000b0 (00176)   202e4e45 5420434c 5220322e 302e3530    .NET CLR 2.0.50
0x000000c0 (00192)   3732373b 20534c43 43323b20 2e4e4554   727; SLCC2; .NET
0x000000d0 (00208)   20434c52 20332e35 2e333037 32393b20    CLR 3.5.30729; 
0x000000e0 (00224)   2e4e4554 20434c52 20332e30 2e333037   .NET CLR 3.0.307
0x000000f0 (00240)   32393b20 4d656469 61204365 6e746572   29; Media Center
0x00000100 (00256)   20504320 362e3029 0d0a5541 2d435055    PC 6.0)..UA-CPU
0x00000110 (00272)   3a20414d 4436340d 0a416363 6570742d   : AMD64..Accept-
0x00000120 (00288)   456e636f 64696e67 3a20677a 69702c20   Encoding: gzip, 
0x00000130 (00304)   6465666c 6174650d 0a486f73 743a2061   deflate..Host: a
0x00000140 (00320)   6a61782e 676f6f67 6c656170 69732e63   jax.googleapis.c
0x00000150 (00336)   6f6d0d0a 436f6e6e 65637469 6f6e3a20   om..Connection: 
0x00000160 (00352)   4b656570 2d416c69 76650d0a 0d0a       Keep-Alive....

0x00000000 (00000)   47455420 2f656d69 6e696d61 6c6c732f   GET /eminimalls/
0x00000010 (00016)   616d6d2e 6a732048 5454502f 312e310d   amm.js HTTP/1.1.
0x00000020 (00032)   0a416363 6570743a 202a2f2a 0d0a4163   .Accept: */*..Ac
0x00000030 (00048)   63657074 2d4c616e 67756167 653a2065   cept-Language: e
0x00000040 (00064)   6e2d5553 0d0a5573 65722d41 67656e74   n-US..User-Agent
0x00000050 (00080)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000060 (00096)   6f6d7061 7469626c 653b204d 53494520   ompatible; MSIE 
0x00000070 (00112)   382e303b 2057696e 646f7773 204e5420   8.0; Windows NT 
0x00000080 (00128)   362e313b 2057696e 36343b20 7836343b   6.1; Win64; x64;
0x00000090 (00144)   20547269 64656e74 2f342e30 3b202e4e    Trident/4.0; .N
0x000000a0 (00160)   45542043 4c522032 2e302e35 30373237   ET CLR 2.0.50727
0x000000b0 (00176)   3b20534c 4343323b 202e4e45 5420434c   ; SLCC2; .NET CL
0x000000c0 (00192)   5220332e 352e3330 3732393b 202e4e45   R 3.5.30729; .NE
0x000000d0 (00208)   5420434c 5220332e 302e3330 3732393b   T CLR 3.0.30729;
0x000000e0 (00224)   204d6564 69612043 656e7465 72205043    Media Center PC
0x000000f0 (00240)   20362e30 290d0a55 412d4350 553a2041    6.0)..UA-CPU: A
0x00000100 (00256)   4d443634 0d0a4163 63657074 2d456e63   MD64..Accept-Enc
0x00000110 (00272)   6f64696e 673a2067 7a69702c 20646566   oding: gzip, def
0x00000120 (00288)   6c617465 0d0a486f 73743a20 73637269   late..Host: scri
0x00000130 (00304)   7074732e 63686974 696b612e 6e65740d   pts.chitika.net.
0x00000140 (00320)   0a436f6e 6e656374 696f6e3a 204b6565   .Connection: Kee
0x00000150 (00336)   702d416c 6976650d 0a0d0a69 6f6e3a20   p-Alive....ion: 
0x00000160 (00352)   4b656570 2d416c69 76650d0a 0d0a       Keep-Alive....

0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a6d7061 7469626c 653b204d 53494520   .mpatible; MSIE 
0x00000070 (00112)   382e303b 2057696e 646f7773 204e5420   8.0; Windows NT 
0x00000080 (00128)   362e313b 2057696e 36343b20 7836343b   6.1; Win64; x64;
0x00000090 (00144)   20547269 64656e74 2f342e30 3b202e4e    Trident/4.0; .N
0x000000a0 (00160)   45542043 4c522032 2e302e35 30373237   ET CLR 2.0.50727
0x000000b0 (00176)   3b20534c 4343323b 202e4e45 5420434c   ; SLCC2; .NET CL
0x000000c0 (00192)   5220332e 352e3330 3732393b 202e4e45   R 3.5.30729; .NE
0x000000d0 (00208)   5420434c 5220332e 302e3330 3732393b   T CLR 3.0.30729;
0x000000e0 (00224)   204d6564 69612043 656e7465 72205043    Media Center PC
0x000000f0 (00240)   20362e30 290d0a55 412d4350 553a2041    6.0)..UA-CPU: A
0x00000100 (00256)   4d443634 0d0a4163 63657074 2d456e63   MD64..Accept-Enc
0x00000110 (00272)   6f64696e 673a2067 7a69702c 20646566   oding: gzip, def
0x00000120 (00288)   6c617465 0d0a486f 73743a20 73637269   late..Host: scri
0x00000130 (00304)   7074732e 63686974 696b612e 6e65740d   pts.chitika.net.
0x00000140 (00320)   0a436f6e 6e656374 696f6e3a 204b6565   .Connection: Kee
0x00000150 (00336)   702d416c 6976650d 0a0d0a69 6f6e3a20   p-Alive....ion: 
0x00000160 (00352)   4b656570 2d416c69 76650d0a 0d0a       Keep-Alive....


Strings